ISA replacement

Does anyone have a recommendation for a replacement of MS ISA server? Need reverse proxy functionality. Cheers
bozo1701 Asked:

Jian An Lim, Solutions Architect, Commented:
Depends on your size.
TMG is the last version of the reverse proxy for the Microsoft suite, and they are not going to develop their product further.

Outside Microsoft you have plenty of choice, depending on the size of your company.
You can choose software or an appliance.

For example, but not limited to:

bluecoat

https://www.bluecoat.com/products/web-application-reverse-proxy

squid
http://wiki.squid-cache.org/SquidFaq/ReverseProxy
btan, Exec Consultant, Commented:
You can actually check on application delivery controllers such as F5 Networks, Citrix. The MS direct replacement is TMG/UAG, but TMG is going end of life in 2020, and there are features that will not be supported, as:
"...there are some features that will suffer from degraded functionality beginning in 2016. Microsoft has announced that it will cease to support the URL Reputation Services (URS) that TMG relies on for web site categorization on December 31, 2015. Also, Microsoft will no longer produce anti-malware and Network Inspection System (NIS) signature updates past this date (although they will continue to function, albeit with outdated signature files)."
Having said that, there are other providers supporting TMG, such as Celestix MSA: http://www.celestix.com/best-forefront-tmg-2010-replacement-forefront-tmg-2010/

Forefront UAG can be used to publish internal servers via a Web portal or directly (similar to Forefront TMG). For website and VPN replacement use Direct Access, but do note that Direct Access is not a replacement for VPN in a few scenarios, e.g. VPN for external workers who shouldn't access all services as the company's workers do. Of course we can implement several Direct Access implementations in one company, but external workers are then forced to have desktops in the company's domain.

F5 Networks
http://www.f5.com/pdf/white-papers/microsoft-threat-management-gateway-alternatives-white-paper.pdf

NetScaler
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/netscaler-a-comprehensive-replacement-for-microsoft-forefront-threat-management-gateway.pdf

Also of interest is a comparison of Forefront UAG with TMG: http://www.isaserver.org/articles-tutorials/general/Should-replace-TMG-firewalls-with-UAG.html
For the key differences between TMG and UAG, take a brief look at a few remote access features and how they differ (or don't):

Application Intelligence and Publishing (UAG is better than TMG in most areas)
End Point Security (UAG is better than TMG in most areas)
SSL Tunneling (UAG is better than TMG in most areas)
Information Leakage Prevention (UAG is better than TMG in most areas)
Robust Authentication Support (KCD, ADFS, OTP) (UAG is more flexible)
Windows Server 2008, Native 64-Bit (same for both)
Product Certification (Common Criteria) (same for both)
NAP Integration (same for both)
Terminal Services Gateway Integration (easier to set up with UAG)
Web Farm Load Balancing (easier to set up with TMG)
Array Management (TMG more robust)
Enhanced Management and Monitoring (MOM Pack) (same for both)
Enhanced Mobile Solutions (UAG is better in most scenarios)
New and Customizable User Portal (N/A for TMG)
Wizard Driven Configuration (same for both)
btan, Exec Consultant, Commented:
There is also Sophos UTM as a TMG replacement from a UTM perspective, if it is a single proxy. It may be optimal from a management perspective, but the roles and access control have to be thought through to ensure least privilege in such a single box.

http://www.isaserver.org/articles-tutorials/general/life-after-tmg-considering-sophos-utm-tmg-replacement-part1.html

One of the things that people really like about TMG is its application layer filtering, which allows you to control specific applications. Sophos UTM provides excellent visibility into the applications that are being used on your network and allows you to control access to them. You monitor Internet connections that are going through the firewall and you can see what’s happening as it happens, and set policies based on what you observe. You can also perform bandwidth shaping to give priority to certain business-critical applications.
noci, Software Engineer, Commented:
You can also build up a plain Unix/Linux box and use NGINX as a reverse proxy.
That would be the closest I can think of to getting to an ISA, including support for websockets etc.
Squid will miss out on that kind of processing.
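The NGINX reverse proxy with WebSocket support suggested above, as an added example that is not part of the thread or any poster's own configuration. It publishes one internal web server over TLS; the host name, backend address and certificate paths are placeholders (assumptions), and the blocks belong inside the `http { }` context of nginx.conf.

```nginx
# Added example: publish one internal web application through NGINX.
# app.example.com, 10.0.0.10:8080 and the certificate paths are placeholders.

# Translate the client's Upgrade header into the Connection header sent
# upstream: "upgrade" for WebSocket handshakes, "close" for ordinary requests.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream internal_app {
    server 10.0.0.10:8080;   # internal server being published (placeholder)
}

server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;   # force TLS on the external side
}

server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://internal_app;

        # HTTP/1.1 plus the Upgrade/Connection headers are what let a
        # WebSocket handshake pass through the proxy to the backend.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Hand the original host and client address to the backend so its
        # logs and access decisions see the real client, not the proxy.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_read_timeout 300s;  # idle WebSocket connections close after this
    }
}
```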
bozo1701, Author, Commented:
Thanks all for your suggestions. They are all a potential replacement, it seems. Looks like we will go with the F5 solution - expensive but solid.